The Google Chrome browser is set to add a feature that will warn users when accessing sites with domain names that look like authentic websites.
The feature has been in the works for quite some time at Google and is a response to the practice of using typosquatted domains or IDN homograph attacks to lure users on websites they didn't intend to access.
For example, crooks often register misspelled versions of popular domains, such as paypall.com, or they'd use domains with Unicode characters like coịnbạse.com to host phishing pages and steal users' credentials.
But since the release of Chrome Canary 70, Google engineers have been testing a new feature called "Navigation suggestions for lookalike URLs."
In Chrome Canary distributions --Google Chrome's testing ground for new features-- users can access the following URL to enable the feature:
chrome://flags/#enable-lookalike-url-navigation-suggestions
Once enabled, this new mechanism will show a dropdown panel under the Chrome address bar, asking the user if he really meant to type and access that URL, which Chrome deemed dangerous due to its close resemblance with a more legitimate site.
This Chrome flag is also present in the stable version of Chrome, but in our tests, it failed to detect the same URLs that Canary picked up, meaning Google engineers are still fine-tuning their lookalike URL detection system before its official release.
It is unclear when this feature will officially ship, but it must be really close to being finalized, seeing that a Google Chrome engineer gave a presentation about it yesterday, January 29, at the USENIX Enigma conference held in the US. More on her presentation in coverage from our sister site CNET.
All the Chromium-based browsers
More browser coverage:
- Mozilla publishes official Firefox anti-tracking policy
- How to enable and test the new Google Chrome dark mode on Windows 10
- Google Chrome to add drive-by-download protection
- Google Chrome's built-in ad blocker to roll out worldwide on July 9
- Firefox 65 released with AV1 and WebP support
- Chrome API update will kill a bunch of other extensions, not just ad blockers
- How to use Vivaldi Tab Sessions TechRepublic
- Brave's privacy-focused ads to spread beyond startup's own browser CNET